Anonymous, Open Source P2P with MUTE

The ongoing battle between users of file-sharing programs and media copyright-enforcement organizations (most notably the RIAA) has seemingly
become a daily ping-pong match of lawsuits, threats of lawsuits, countersuits,
office raids of commercial P2P services, and soda pop promotional gimmicks
encouraging people to download music from legal music downloading services.

Regardless of all the threats, intimidation, and spoofed music files clogging
networks, P2P services in which users engage in "copyright infringement" (or
"file sharing," if you prefer) continue to thrive. Activity on them still far
surpasses the traffic of the legal music download sites, such as iTunes Music
Store and the now legit Napster.

One weakness of the P2P networks, including the infamous KaZaA, is the fact
that it's so easy to identify a user's IP address. The Recording Industry Association of America (RIAA) has managed to use
such extracted information to subpoena ISPs for the identities of potential
defendants.

Jason Rohrer has devised what could be the next technological headache for
organizations like the RIAA: a P2P system that can mask the identity (or, at
least, the IP address) of each user connected to it. Figuratively, he's done it
by letting out the ants to ruin the RIAA's picnic.

Rohrer, a 26-year-old programmer from Potsdam, New York, found inspiration in the way ants stream toward a food source. From observing the
creatures' behavior, he mapped out a networking method that functions
similarly — essentially, a shared file is the food source, and clients on
the network are the ants seeking the food. He then wrote his own P2P program
putting this theory to practice and christened it MUTE. Developed entirely in C++ and
released as open source, the program runs on Linux, Win32, and Mac OS X.

Figure 1. The MUTE file-sharing program running on
Linux.

Rohrer spoke with me for the O'Reilly Network, explaining how the ways of the ant could
hold the key to anonymity for P2P users.

Howard Wen: Give us a basic technical summary: What's the big difference between
how the MUTE network works versus the traditional P2P method, such as
KaZaA?

Jason Rohrer:Traditional P2P networks can best be described as "direct download" systems.
Nodes are linked together in a "mesh network," with each node connecting to a
small number of neighbors. Certain pieces of information are broadcast and routed through the mesh, such as search requests and results. Downloads are not
passed through the mesh — the downloader establishes a new, direct
connection to the file source to start the transfer.

Of course, a direct transmission means that the downloader needs to know the IP address of the file source. If you use TCP sockets — or UDP packets
— properly, a direct transmission also means that the file source can
find out the downloader's IP address.

The RIAA has demonstrated that, with a
subpoena or lawsuit, an IP address can easily be translated into a human name
and postal address. In other words, any system that relies on direct downloads
is not anonymous, due to intrinsic properties of Internet routing.

A MUTE network is very similar in form to a traditional P2P network: MUTE
nodes connect to each other in a mesh network, with each node maintaining a
small number of direct links to neighbor nodes. In addition to routing search
requests and results through the mesh, MUTE routes everything else, including
file transfers. Thus, a downloader does not need to know the IP address of a
file source, since the downloader never needs to make a direct connection, and
a download is routed through the chain of nodes that separate the downloader
from the file source. Routed downloads are what separates MUTE from other
search-and-download P2P networks.

Of course, routed downloads alone do not provide anonymity. Even more
crucial is the way that MUTE routes messages anonymously. Each MUTE node
generates a random virtual address for itself at startup. Messages are tagged
as being "from" one virtual address and "to" another virtual address, though
only the sending node knows that it owns the "from" address, and only the
receiving node knows that it owns the "to" address. None of the other nodes in
the network know which node owns either of these addresses.

As messages travel
through the network, they leave behind local "scent" — or routing —
information for their "from" address at each node that they pass through.

For example, if a message from Alice passes through a node, the node records
that it has received messages from Alice from one of its neighbors. In the
future, if that node receives a message to Alice, it can use this scent to
direct the message onward through that neighbor. Each node essentially
maintains directional hints about which direction Alice is in, though no one
knows for sure which node is actually Alice.

HW: What are the inherent difficulties in designing a P2P, or shared
network, system, overall?

JR: I have developed several P2P applications in the past, including
applications that rely heavily on cryptography, so those aspects weren't really
a challenge this time around. However, MUTE was the first platform-independent
C++ application for which I wanted to develop a true, natively compiled GUI,
and this was a major challenge.

I evaluated several toolkits, and several factors weighed into my decision. First, I had three target platforms in mind: GNU/Linux, Mac OS X, and Win32.
So, I needed a toolkit that supported all of them. Second, I couldn't afford to
pay for a toolkit, so I needed a toolkit with an unrestrictive license. Third,
I wanted a toolkit that would make use of C++, since object-oriented
abstractions seem particularly well-suited for GUIs. These factors essentially
ruled out every toolkit except for wxWindows [Editor's note: now known
aswxWidgets.]

The real challenge came in learning a new toolkit. wxWindows is powerful
and feature-rich, but the API is a little quirky. In addition, there were
wxWindows build hurdles for the various platforms. For example, my customary
Win32 compiler — I sheepishly admit that it was an outdated version of
CodeWarrior — couldn't compile the wxWindows library, so I had to switch
to a completely different, and unfamiliar, build environment: MinGW.

I also had to grudgingly accept that my
chosen GUI library was between 2 and 4 times larger than the rest of my
application. I detest code bloat, but I really had no choice.

The upshot is that MUTE can be downloaded and run natively on both Mac OS X
and Win32, even though my development platform was GNU/LinuxPPC. The code that
generates and runs the GUI is identical on all three platforms.

HW: Have you theorized other aspects of ant behavior that could be
applied to effective networking, besides masking a user's
identity?

JR: In nature, ants tend to find the shortest path between their nest and a food
source. Many different paths are traversed at first, but since ants can
complete roundtrips more frequently on the shorter paths, the shorter paths
receive more traffic and thus more pheromone scent, which in turn leads to more
traffic — ants move toward the strongest scents. Eventually, the scent on
the shortest path is so strong that all of the ants travel along this path.

MUTE's ant-routing also discovers "short" paths between a sender and
receiver. However, the fast roundtrip time is what makes a path attractive to
MUTE messages. In low-traffic situations, the fastest path will often be the
shortest one with the fewest hops. As traffic increases, however, a short path
may become slower if it is overloaded, and a longer path with less traffic may
be faster. Thus, using only local routing clues, MUTE can automatically balance
load throughout the network and avoid congested routes.

Of course, you only need this kind of load-balancing if you are routing, and
routing only makes sense if you are trying to protect anonymity. While load-balancing is a nice feature and will help MUTE's scalability, it is by no means
a standalone selling point for MUTE.

In other settings, such as ad-hoc wireless networks, ant-based routing is
very attractive and heavily researched. Because MUTE is built as an overlay
network on top of the TCP socket abstraction, its ant-routing cannot be used
out-of-the box to improve performance in an ad-hoc network. However, MUTE can
be seen as a good research platform for exploring the properties of ant-routing, since it is one of the first widely deployed networks to use it.